Sanitization models and their limitations

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Sanitization models and their limitations

Full text

Pdf (397 KB)

Source

New Security Paradigms Workshop archive
Proceedings of the 2006 workshop on New security paradigms table of contents

Germany

SESSION: Data table of contents

Pages: 41 - 56

Year of Publication: 2006

ISBN:978-1-59593-923-4

Authors

R. Crawford	University of California at Davis, Davis, CA
M. Bishop	University of California at Davis, Davis, CA
B. Bhumiratana	University of California at Davis, Davis, CA
L. Clark	University of California at Davis, Davis, CA
K. Levitt	University of California at Davis, Davis, CA

Sponsor

ACSA : Applied Computer Security Associates

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 18, Downloads (12 Months): 129, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1278940.1278948 What is a DOI?

ABSTRACT

This work explores issues of computational disclosure control. We examine assumptions in the foundations of traditional problem statements and abstract models. We offer a comprehensive framework, based on the notion of an inference game, that unifies various inference problems by parameterizing their problem spaces. This work raises questions regarding the significance of intractability results. We analyze common structural aspects of inference problems via case studies; these emphasize why explicit policies are needed to specify all social context and ethical values relevant to a problem instance.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Information Technology--Common Logic (CL)--A Framework for a Family of Logic-Based Languages, Final Committee Draft ISO/IEC FCD 24707, Reference No. ISO/JTC 1/SC 32N1377 (Dec. 2005); available at http://cl.tamu.edu.
	2	J. Achugbue and F. Chin, "The Effectiveness of Output Modification by Rounding for Protection of Statistical Databases," INFOR. Canadian Journal of Operational Research and Information Processing 17 (3) pp. 209--218 (Aug. 1979).
	3	Matt Bishop , Rick Crawford , Bhume Bhumiratana , Lisa Clark , Karl Levitt, Some Problems in Sanitizing Network Data, Proceedings of the 15th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, p.307-312, June 26-28, 2006 [doi>10.1109/WETICE.2006.62]
	4	Matt Bishop , Bhume Bhumiratana , Rick Crawford , Karl Levitt, How to Sanitize Data, Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, p.217-222, June 14-16, 2004 [doi>10.1109/ENABL.2004.36]
	5	P. c. Chu, Cell Suppression Methodology: The Importance of Suppressing Marginal Totals, IEEE Transactions on Knowledge and Data Engineering, v.9 n.4, p.513-523, July 1997 [doi>10.1109/69.617047 ]
	6	M. Covington, M. Moyer, and M. Ahamad, "Generalized Role-Based Access Control for Securing Future Applications," Proceedings of the 23rd National Information Systems Security Conference pp. 1--10 (Oct. 2000).
	7	H. Delugach and T. Hinke, "Using Conceptual Graphs To Represent Database Inference Security Analysis," Journal of Computing and Information Technology 2(4) pp. 291--307 (Dec. 1994).
	8	D. Denning, "Restricting Queries that Might Lead to Compromise," Proceedings of the IEEE 1981 Symposium on Security and Privacy pp. 33--40 (Apr. 1981).
	9	D. Denning, "A Preliminary Note on the Inference Problem in Multilevel Database Management Systems," Proceedings of the National Computer Security Center Invitational Workshop on Database Security (June 1986).
	10	Dorothy E. Denning , Peter J. Denning , Mayer D. Schwartz, The tracker: a threat to statistical database security, ACM Transactions on Database Systems (TODS), v.4 n.1, p.76-96, March 1979 [doi>10.1145/320064.320069]
	11	Irit Dinur , Kobbi Nissim, Revealing information while preserving privacy, Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.202-210, June 09-11, 2003, San Diego, California [doi>10.1145/773153.773173]
	12	Sir A. C. Doyle, "Silver Blaze," in The Annotated Sherlock Holmes, Volume 2, Clarkson N. Potter, Inc., New York, NY pp. 261--281(1967).
	13	Boris Dragovic , Jon Crowcroft, Information exposure control through data manipulation for ubiquitous computing, Proceedings of the 2004 workshop on New security paradigms, September 20-23, 2004, Nova Scotia, Canada [doi>10.1145/1065907.1066036]
	14	George T. Duncan , Thomas B. Jabine , Virginia A. de Wolf, Private lives and public policies: confidentiality and accessibility of government statistics, National Academy Press, Washington, DC, 1993
	15	G. Duncan, S. Keller-McNulty, and S. Stokes, "Database Security and Confidentiality: Examining Disclosure Risk vs. Data Utility through the R-U Confidentiality Map," Technical Report 142, National Institute of Statistical Sciences, Research Triangle Park, NC (Mar. 2004); available at http://www.niss.org/technicalreports/tr142.pdf
	16	Jinliang Fan , Jun Xu , Mostafa H. Ammar , Sue B. Moon, Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.46 n.2, p.253-272, 7 October 2004 [doi>10.1016/j.comnet.2004.03.033]
	17	Matteo Fischetti , Juan José Salazar, Solving the Cell Suppression Problem on Tabular Data with Linear Constraints, Management Science, v.47 n.7, p.1008-1027, July 2001 [doi>10.1287/mnsc.47.7.1008.9805]
	18	Deborah Frincke, Balancing cooperation and risk in intrusion detection, ACM Transactions on Information and System Security (TISSEC), v.3 n.1, p.1-29, Feb. 2000 [doi>10.1145/353323.353324]
	19	Krishnaram Kenthapadi , Nina Mishra , Kobbi Nissim, Simulatable auditing, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland [doi>10.1145/1065167.1065183]
	20	Ashwin Machanavajjhala , Johannes Gehrke , Daniel Kifer , Muthuramakrishnan Venkitasubramaniam, \ell -Diversity: Privacy Beyond \kappa -Anonymity, Proceedings of the 22nd International Conference on Data Engineering, p.24, April 03-07, 2006 [doi>10.1109/ICDE.2006.1]
	21	Bradley Malin , Edoardo Airoldi , Samuel Edoho-Eket , Yiheng Li, Configurable Security Protocols for Multi-party Data Analysis with Malicious Participants, Proceedings of the 21st International Conference on Data Engineering, p.533-544, April 05-08, 2005 [doi>10.1109/ICDE.2005.37]
	22	Donald G. Marks, Inference in MLS Database Systems, IEEE Transactions on Knowledge and Data Engineering, v.8 n.1, p.46-55, February 1996 [doi>10.1109/69.485628 ]
	23	Donald G. Marks , Leonard J. Binns , Bhavani M. Thuraisingham, Hypersemantic Data Modeling for Inference Analysis, Proceedings of the IFIP WG11.3 Working Conference on Database Security VII, p.157-180, August 23-26, 1994
	24	Adam Meyerson , Ryan Williams, On the complexity of optimal K-anonymity, Proceedings of the twenty-third ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 14-16, 2004, Paris, France [doi>10.1145/1055558.1055591]
	25	G. Minshall, "Tcpdpriv", Release 1.1.10 (Aug. 1997); available at http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html
	26	Markus Peuhkuri, A method to compress and anonymize packet traces, Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, November 01-02, 2001, San Francisco, California, USA [doi>10.1145/505202.505233]
	27	J. F. Sowa, Conceptual structures: information processing in mind and machine, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1984
	28	Latanya Sweeney, k-anonymity: a model for protecting privacy, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, v.10 n.5, p.557-570, October 2002 [doi>10.1142/S0218488502001648]
	29	Latanya Sweeney, Achieving k-anonymity privacy protection using generalization and suppression, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, v.10 n.5, p.571-588, October 2002 [doi>10.1142/S021848850200165X]
	30	Latanya Sweeney, Privacy-enhanced linking, ACM SIGKDD Explorations Newsletter, v.7 n.2, p.72-75, December 2005 [doi>10.1145/1117454.1117464]
	31	Bhavani M. Thuraisingham, The Use of Conceptual Structures for Handling the Inference Problem, Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects, p.333-362, November 01, 1991
	32	W. Ware, "Records, Computers, and the Rights of Citizens: Report of the Secretary's Advisory Committee on Automated Personal Data Systems," DHEW Publication (OS)73--94, U.S. Dept. of Health, Education and Welfare (July 1973).
	33	Sheng Zhong , Zhiqiang Yang , Rebecca N. Wright, Privacy-enhancing k-anonymization of customer data, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland [doi>10.1145/1065167.1065185]